<html>
	<head>
		<title>FindBugs&trade; - Find Bugs in Java Programs</title>
		<link rel="stylesheet" type="text/css" href="findbugs.css" />
		
	</head>

	<body>

		<table width="100%">
			<tr>

				
<td bgcolor="#b9b9fe" valign="top" align="left" width="20%"> 
<table width="100%" cellspacing="0" border="0"> 
<tr><td><a class="sidebar" href="index.html"><img src="umdFindbugs.png" alt="FindBugs"></a></td></tr> 

<tr><td>&nbsp;</td></tr>

<tr><td><b>Docs and Info</b></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="demo.html">Demo and data</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="users.html">Users and supporters</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="http://findbugs.blogspot.com/">FindBugs blog</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="factSheet.html">Fact sheet</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="manual/index.html">Manual</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="ja/manual/index.html">Manual(ja/&#26085;&#26412;&#35486;)</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="FAQ.html">FAQ</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="bugDescriptions.html">Bug descriptions</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="mailingLists.html">Mailing lists</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="publications.html">Documents and Publications</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="links.html">Links</a></font></td></tr> 

<tr><td>&nbsp;</td></tr>

<tr><td><a class="sidebar" href="downloads.html"><b>Downloads</b></a></td></tr> 

<tr><td>&nbsp;</td></tr>

<tr><td><a class="sidebar" href="http://www.cafeshops.com/findbugs"><b>FindBugs Swag</b></a></td></tr>

<tr><td>&nbsp;</td></tr>

<tr><td><b>Development</b></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/tracker/?group_id=96405">Open bugs</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="reportingBugs.html">Reporting bugs</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="contributing.html">Contributing</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="team.html">Dev team</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="api/index.html">API</a> <a class="sidebar" href="api/overview-summary.html">[no frames]</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="Changes.html">Change log</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="http://sourceforge.net/projects/findbugs">SF project page</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/browse/">Browse source</a></font></td></tr> 
<tr><td><font size="-1"><a class="sidebar" href="http://code.google.com/p/findbugs/source/list">Latest code changes</a></font></td></tr> 
</table> 
</td>

				<td align="left" valign="top">

					<p>
					<table><tr>
					<td valign="center">
						<a href="http://findbugs.sourceforge.net/"><img src="buggy-sm.png"
								alt="FindBugs logo" border="0" /> </a>
					<td valign="center">	<a href="http://www.umd.edu/"><img src="informal.png"
								alt="UMD logo" border="0" /> </a>
					</tr></table>

					<h1>
						FindBugs&trade; - Find Bugs in Java Programs
					</h1>

					<p>
						This is the web page for FindBugs, a program which uses static analysis
						to  look for bugs
						in Java code.&nbsp; It is free software, distributed under the
						terms of the
						<a href="http://www.gnu.org/licenses/lgpl.html">Lesser GNU
							Public License</a>. The name FindBugs&trade; and the
						<a href="buggy-sm.png">FindBugs logo</a> are trademarked by
						<a href="http://www.umd.edu">The University of Maryland</a>.
						As of July, 2008, FindBugs has been downloaded more than 700,000 times. 
							</p>
					
				
								<p>
						FindBugs requires JRE (or JDK) 1.5.0 or later to run.&nbsp;
						However, it can analyze programs compiled for any version of Java.
						The current version of FindBugs is 1.3.9, released on
						16:39:49 EDT, 21 August, 2009.
						<a href="reportingBugs.html">We are very interested in getting feedback on how to improve
						FindBugs</a>.
					</p>

					<p>
						<a href="#changes">Changes</a> |
						<a href="#talks">Talks</a> |
						<a href="#papers">Papers </a> |
						<a href="#sponsors">Sponsors</a> |
						<a href="#support">Support</a> 
					</p>
					<h1>New</h1>

<ul>
<li><p><b>JavaOne talk</b>: 
					<a href="http://www.cs.umd.edu/~pugh/MistakesThatMatter.pdf">Slides</a> from my JavaOne talk, 
					Mistakes That Matter.
					<li><p><b>FindBugs community review</b>: We are previewing FindBugs community review, 
					in which anyone can review issues in open source projects (i.e., mark
					issues as "must fix" or "mostly harmless"), and those reviews
					are automatically shared with other reviewers.
					<p>This is a pre-beta release, not ready for deployment. The implementation
					will be undergoing significant changes before general availability. 
					<p>Initially, we are posting results for:
					<ul>
					<li>
					<a href="http://findbugs.cs.umd.edu/cloud/jdk7.jnlp">Sun's JDK 7</a>  
					<li>
					<a href="http://findbugs.cs.umd.edu/cloud/eclipse.jnlp">Eclipse 3.5</a>
					</ul>
					
					
<li><b>Google FindBugs Fixit</b>: Google has a tradition of <a href="http://www.nytimes.com/2007/10/21/jobs/21pre.html">engineering fixits</a>, special days where they try to get all of their engineers focused on some specific problem or technique for improving the systems at Google. A fixit might work to improve web accessibility, internal testing, removing TODO's from internal software, etc.

<p>On May 13-14, Google held a global fixit for UMD's FindBugs tool  a static analysis tool for finding coding mistakes in Java software. The focus of the fixit was to get feedback on the 4,000 highest confidence issues found by FindBugs at Google, and let Google engineers decide which issues, if any, needed fixing.


	
<p>More than 700 engineers ran FindBugs from dozens of offices. More than 250 of them entered more than 8,000 reviews of the issues. A review is a classification of an issue as must-fix, should-fix, mostly-harmless, not-a-bug, and several other categories. More than 75% of the reviews classified issues as must fix, should fix or I will fix. Many of the scariest issues received more than 10 reviews each.

<p>Engineers have already submitted changes that made more than 1,100 of the 3,800 issues go away. Engineers filed more than 1,700 bug reports, of which 600 have already been marked as fixed Work continues on addressing the issues raised by the fixit, and on supporting the integration of FindBugs into the software development process at Google.

<p>The fixit at Google showcased new capabilities of FindBugs that provide a cloud computing / social networking backdrop. Reviews of issues are immediately persisted into a central store, where they can be seen by other developers, and FindBugs is integrated into the internal Google tools for filing and viewing bug reports and for viewing the version control history of source files. For the Fixit, FindBugs was configured in a mode where engineers could not see reviews from other engineers until they had entered their own; after the fixit, the configuration will be changed to a more open configuration where engineers can see reviews from others without having to provide their own review first. These capabilities have all been contributed to UMD's open source FindBugs tool, although a fair bit of engineering remains to prepare the capabilities for general release and make sure they can integrate into systems outside of Google.  The new capabilities are expected to be ready for general release in Fall 2009.
					
									
									</ul>
					  
									<h1>
						<a name="changes">Change history</a>
					</h1>
					<p> The current version of FindBugs is s 1.3.9.</p>


                                        <p> Changes since version 1.3.7</p>
					<ul>
                                          <li>Primarily another small bugfix release.</li>
                                          <li>FindBugs base:</li>
                                            <ul>
                                              <li>New Reports:</li>
                                              <ul>
                                                <li>SF_SWITCH_NO_DEFAULT: missing default case in switch statement.</li>
                                                <li>SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW: value ignored when switch fallthrough leads to
                                                thrown exception.</li>
                                                <li>INT_VACUOUS_BIT_OPERATION: bit operations that don't do any meaningful work.</li>
                                                <li>FB_UNEXPECTED_WARNING: warning generated that conflicts with @NoWarning FindBugs annotation.</li>
                                                <li>FB_MISSING_EXPECTED_WARNING: warning not generated despite presence of @ExpectedWarning FindBugs annotation.</li>
                                                <li>NOISE category: intended for use in data mining experiments.</li>
                                                <ul>
                                                  <li>NOISE_NULL_DEREFERENCE: fake null point dereference warning.</li>
                                                  <li>NOISE_METHOD_CALL:  fake method call warning.</li>
                                                  <li>NOISE_FIELD_REFERENCE:  fake field dereference warning.</li>
                                                  <li>NOISE_OPERATION:  fake operation warning.</li>
                                                </ul>
                                              </ul>
                                              <li>Other:</li>
                                              <ul>
                                                <li>Garvin Leclaire has created a new Apache Maven repository for FindBugs at
                                                <a href="http://code.google.com/p/findbugs/">the Google Code FindBugs SVN repository</a>.  (Thanks Garvin!)</li>
                                              </ul>
                                              <li>Fixes:</li>
                                              <ul>
                                                <li>[ 2317842 ] Highlighting broken in Windows</li>
                                                <li>[ 2515908 ] check for oddness should track sign of argument</li>
                                                <li>[ 2487936 ] &quot;L B GC&quot; false pos cast from Map.Entry.getKey() to Map.get()</li>
                                                <li>[ 2528264 ] Ant tasks not compatible with Ant 1.7.1</li>
                                                <li>[ 2539590 ] SF_SWITCH_FALLTHROUGH wrong message reported 	</li>
                                                <li>[ 2020066 ] Bug history displayed in fancy-hist.xsl is incorrect</li>
                                                <li>[ 2545098 ] Invalid character in analysis results file</li>
                                                <li>[ 2492673 ] Plugin sites should specify &apos;requires Eclipse 3.3 or newer&apos;</li>
                                                <li>[ 2588044 ] a tiny typing error</li>
                                                <li>[ 2589048 ] Documentation for convertXmlToText insufficient</li>
                                                <li>[ 2638739 ] NullPointerException when building</li>
                                              </ul>
                                              <li>Patches:</li>
                                              <ul>
                                                <li>[ 2538184 ] Make BugCollection implement Iterable&lt;BugInstance&gt; (thanks to Tomas Pollak)</li>
                                                <li>[ 2249771 ] Add Maven2 Findbugs plugin link to the Links page (thanks to Garvin Leclaire)</li>
                                                <li>[ 2609526 ] Japanese manual update (thanks to K. Hashimoto)</li>
                                                <li>[ 2119482 ] CheckBcel checks for nonexistent classes (thanks to Jerry James)</li>
                                              </ul>
                                            </ul>
                                          <li>FindBugs Eclipse plugin:</li>
                                            <ul>
                                              <li>Major feature enhancements (thanks to Andrei Loskutov).
                                              See <a href="http://andrei.gmxhome.de/findbugs/index.html">this overview</a> for more information.</li>
                                              <li>Major test improvements (thanks to Tomas Pollak).</li>
                                              <li>Fixes:</li>
                                              <ul>
                                                <li>[ 2532365 ] Compiler warning</li>
                                                <li>[ 2522989 ] Fix filter files selection</li>
                                                <li>[ 2504068 ] NullPointerException</li>
                                                <li>[ 2640849 ] NPE in Eclipse plugin 1.3.7 and Eclipse 3.5 M5</li>
                                              </ul>
                                              <li>Patches:</li>
                                              <ul>
                                                <li>[ 2143140 ] Unchecked conversion fixes for Eclipse plugin (thanks to Jerry James)
                                              </ul>
                                            </ul>
                                          </ul>
                                        </ul>


                                        <p>
						<a href="Changes.html">Older versions...</a>
					</p>
					
					<h1>
						<a name="talks">Talks about FindBugs</a>
					</h1>
					<ul>
					<p><a href="http://www.cs.umd.edu/~pugh/MistakesThatMatter.pdf">Mistakes That Matter</a>, JavaOne, 2009
					
						<li>
							<a href="http://findbugs.cs.umd.edu/talks/findbugs.mov">Quicktime
								movie</a> showing of demo of our new GUI to view some of the null
							pointer bugs in Eclipse (Big file warning: 23 Megabytes)

						</li>
						<li><a href="http://findbugs.cs.umd.edu/talks/JavaOne2007-TS2007.pdf">JavaOne 2007 talk on Improving Software Quality Using Static Analysis</a>
						<li>
							<a href="http://findbugs.cs.umd.edu/talks/fb-sdbp-2006.pdf">Talk</a>
							Bill Pugh gave at
							<a href="http://www.sdexpo.com/2006/sdbp/">SD Best Practices</a>,
							Sept 14th (more of a handle on tutorial about using FindBugs)
						</li>
						<li>
							<a href="http://findbugs.cs.umd.edu/talks/fb-Sept1213-2006.pdf">Talk</a>
							Bill Pugh gave at
							<a href="http://itasoftware.com/">ITA Software</a> and
							<a href="http://www.csail.mit.edu/">MIT</a>, Sept 12th and 13th
							(more of a research focus)
						</li>
						<li>
							<a
								href="http://video.google.com/videoplay?docid=-8150751070230264609">Video
								of talk</a> Bill Pugh gave at
							<a href="http://www.google.com">Google</a>, July 6th, 2006
						</li>
						<li>
							<a href="http://javaposse.com/index.php?post_id=95780">Java
								Posse podcast interview with Bill Pugh and Brian Goetz</a>
						</li>
					</ul>
					<h1><a name="papers">Papers about FindBugs</a></h1>
					<ul>
					<li><a href="http://findbugs.cs.umd.edu/papers/MoreNullPointerBugs07.pdf">Finding More Null Pointer Bugs, 
					But Not Too Many</a>, by
					<a href="http://faculty.ycp.edu/~dhovemey/">David Hovemeyer</a>, York College of Pennsylvania 
					and <a href="http://www.cs.umd.edu/~pugh/">William Pugh</a>, Univ. of Maryland,
					 <a href="http://paste07.cs.washington.edu/">7th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering</a>, 
                     June, 2007
                     
					<li><a href="http://findbugs.cs.umd.edu/papers/FindBugsExperiences07.pdf">Evaluating Static Analysis 
					Defect Warnings On Production Software,</a>
 			 		<a href="http://www.cs.umd.edu/~nat/">Nathaniel Ayewah and <a href="http://www.cs.umd.edu/~pugh/">William Pugh</a>, Univ. of Maryland, and 
 					 J. David Morgenthaler, John Penix and YuQian Zhou, Google, Inc.,
 					 <a href="http://paste07.cs.washington.edu/">7th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering</a>, 
                     June, 2007
					</ul>
					

					<h1>
						<a name="sponsors">Sponsors</a>
					</h1>
					<p>None, at the moment. We'd be very interested in any offers of support or
					sponsorship.
					
	<h1><a name="support">Additional Support</a></h1>
					<p>
	                    YourKit is kindly supporting open source projects with its full-featured Java Profiler.
                        YourKit, LLC is creator of innovative and intelligent tools for profiling
                        Java and .NET applications. Take a look at YourKit's leading software products:
                        <a href="http://www.yourkit.com/java/profiler/index.jsp">YourKit Java Profiler</a> and
                        <a href="http://www.yourkit.com/.net/profiler/index.jsp">YourKit .NET Profiler</a>. 
					</p>
					<p>
					    The FindBugs project also uses
					    <a href="http://www.atlassian.com/software/fisheye/">FishEye</a> and 
					    <a href="http://www.atlassian.com/software/clover/">Clover</a>,
					    which are generously provided by
					    <a href="http://www.cenqua.com/">Cenqua/Atlassian</a>.
					</p>
					<p>
						Additional financial support for the FindBugs project has been provided by 
						<a href="http://www.google.com">Google</a>,
						<a href="http://www.sun.com">Sun Microsystems</a>,
						<a href="http://www.nsf.gov">National Science Foundation</a>
						grants ASC9720199 and CCR-0098162, 
						<a href="http://www.fortify.com/">Fortify Software</a>,
						<a href="http://www.surelogic.com/">SureLogic</a>,

						
and by a 2004
						<a
							href="http://www-306.ibm.com/software/info/university/products/eclipse/eig-2004.html">IBM
							Eclipse Innovation award</a>.
					</p>
					<p>
						Any opinions, findings and conclusions or recommendations
						expressed in this material are those of the author(s) and do not
						necessarily reflect the views of the National Science Foundation
						(NSF). 
<hr> <p> 
<script language="JavaScript" type="text/javascript"> 
<!---//hide script from old browsers 
document.write( "Last updated "+ document.lastModified + "." ); 
//end hiding contents ---> 
</script> 
<p> Send comments to <a class="sidebar" href="mailto:findbugs@cs.umd.edu">findbugs@cs.umd.edu</a> 
<p> 
<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=96405&amp;type=5" width="210" height="62" border="0" alt="SourceForge.net Logo" /></A>

					</p>
				</td>
			</tr>
		</table>

	</body>
</html>
